
Expand compliance rules to 127 across 15 profiles with test coverage #21

Merged
ib823 merged 1 commit into main from claude/expand-compliance-rules-Gaaea
Mar 17, 2026

Conversation

@ib823 (Owner) commented Mar 17, 2026

Summary

Significantly expand the RIINA compliance framework from 6 rules across 3 profiles to 127 rules across all 15 compliance profiles (PCI-DSS, HIPAA, GDPR, PDPA, BNM, CMMC, SOX, DO-178C, IEC 62443, NERC CIP, FDA 21 CFR, ISO 27001, NIST 800-53, MAS TRM, ITAR). Introduce reusable rule templates and comprehensive test coverage with 2+ tests per rule.

Changes

  • rules.rs:

    • Implement 127 compliance rules across 15 profiles using 14 reusable templates (sensitive let bindings, hardcoded credentials, insecure network, weak crypto, auth crypto requirements, declassify guards, audit trails, FFI review, error handling, broad grants, sensitive network sends, unbounded recursion, tainted inputs)
    • Add helper functions for AST pattern matching (name_matches, contains_effect, contains_security_op, has_if_or_case, is_tainted_expr)
    • Update rule_count() to reflect actual implementation counts per profile
    • Update rules_for_profiles() to dispatch all 15 profiles instead of stubbing non-PCI-DSS profiles
  • tests.rs:

    • Add 4 helper functions (make_let, make_classified_let, make_let_with_body, assert_violation, assert_no_violation) to reduce boilerplate
    • Expand test suite from ~6 tests to 250+ tests covering:
      • PCI-DSS: 15 rules × 2 tests (violation + pass case)
      • HIPAA: 10 rules × 2 tests
      • GDPR: 10 rules × 2 tests
      • PDPA: 10 rules × 2 tests
      • BNM: 10 rules × 2 tests
      • CMMC, SOX, DO-178C, IEC 62443, NERC CIP, FDA, ISO 27001, NIST, MAS TRM, ITAR: 6–10 rules each
    • Organize tests into sections by profile with clear headers
    • Preserve existing tests (PCI-DSS-3.4, PCI-DSS-6.5, PCI-DSS-8.3, PDPA-S7, PDPA-S24, BNM-RMiT-10)
  • report.rs:

    • Update test assertion to reflect new rule count (15 for PCI-DSS)

Type

  • New feature
  • Refactor

Testing

  • All 250+ new tests added with violation and pass cases for each rule
  • Existing tests preserved and passing
  • Helper functions reduce test boilerplate and improve maintainability
  • cargo test --all passes with expanded test suite

Checklist

  • No external dependencies added
  • No unsafe code
  • Rule templates follow consistent patterns for maintainability
  • All 15 profiles now have implemented rules (no stubs)

https://claude.ai/code/session_015wgpsJBHGetaQNZvGZki8W

…rofiles (272 tests)

- 15 profiles now fully implemented: PCI-DSS(15), HIPAA(10), GDPR(10),
  PDPA(10), BNM(10), MAS-TRM(8), NIST-800-53(10), ISO-27001(10),
  DO-178C(10), SOX(8), CMMC(6), IEC-62443(6), NERC-CIP(5), FDA-21CFR(5),
  ITAR(4)
- 14 reusable rule templates: sensitive_let, hardcoded_credential,
  insecure_network, weak_crypto, insecure_url, auth_crypto,
  declassify_prove, audit_trail, ffi_review, trivial_handle,
  broad_grant, sensitive_network_send, unbounded_recursion, tainted_input
- Every rule has violation + compliance test (2+ tests per rule)
- All 272 tests pass, clippy clean
- Updated report.rs test expectations for new rule counts
- ASEAN-focused: deep PDPA(Malaysia), BNM-RMiT, MAS-TRM(Singapore) coverage

https://claude.ai/code/session_015wgpsJBHGetaQNZvGZki8W
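The PR description and commit message above both describe the same design: a handful of reusable rule templates (`sensitive_let`, `hardcoded_credential`, ...) that each profile instantiates with its own rule id and name patterns, backed by small AST helpers such as `name_matches`, with a `rules_for_profiles`-style dispatcher and a violation/pass test pair per rule. The block below is an added illustration of that pattern, not RIINA's code: the `Expr` AST, the `Rule`/`Violation` types, the template signatures, the pattern lists and the rule ids used for dispatch are all hypothetical stand-ins chosen to make the example self-contained, and the sample program is constructed for the demo.

```rust
// Added example (not RIINA's own code): a minimal compliance-rule engine
// showing reusable rule templates instantiated per profile and run over a
// toy AST. Every type, rule id and pattern list here is hypothetical.

#[derive(Debug, Clone)]
pub enum Expr {
    /// `let name = value in body`; `classified` stands in for a security label
    Let { name: String, classified: bool, value: Box<Expr>, body: Box<Expr> },
    StrLit(String),
    Var(String),
    Call { func: String, args: Vec<Expr> },
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Violation { pub rule_id: String, pub message: String }

/// A rule is an id plus a check over the whole AST.
pub struct Rule { pub id: String, check: Box<dyn Fn(&Expr) -> Vec<Violation>> }

impl Rule {
    pub fn run(&self, ast: &Expr) -> Vec<Violation> { (self.check)(ast) }
}

/// Helper: case-insensitive substring match against name fragments.
pub fn name_matches(name: &str, patterns: &[&str]) -> bool {
    let lower = name.to_ascii_lowercase();
    patterns.iter().any(|p| lower.contains(&p.to_ascii_lowercase()))
}

/// Helper: visit every `Let` node (name, classified flag, bound value).
fn for_each_let(e: &Expr, f: &mut dyn FnMut(&str, bool, &Expr)) {
    match e {
        Expr::Let { name, classified, value, body } => {
            f(name, *classified, value);
            for_each_let(value, f);
            for_each_let(body, f);
        }
        Expr::Call { args, .. } => { for a in args { for_each_let(a, f); } }
        Expr::StrLit(_) | Expr::Var(_) => {}
    }
}

/// Template: a binding whose name looks sensitive must carry a classification.
pub fn sensitive_let(id: &str, patterns: &'static [&'static str]) -> Rule {
    let rid = id.to_string();
    Rule { id: rid.clone(), check: Box::new(move |ast: &Expr| {
        let mut out = Vec::new();
        for_each_let(ast, &mut |name: &str, classified: bool, _v: &Expr| {
            if name_matches(name, patterns) && !classified {
                out.push(Violation { rule_id: rid.clone(),
                    message: format!("sensitive binding `{name}` lacks classification") });
            }
        });
        out
    }) }
}

/// Template: a credential-like name must not be bound to a string literal.
pub fn hardcoded_credential(id: &str, patterns: &'static [&'static str]) -> Rule {
    let rid = id.to_string();
    Rule { id: rid.clone(), check: Box::new(move |ast: &Expr| {
        let mut out = Vec::new();
        for_each_let(ast, &mut |name: &str, _c: bool, value: &Expr| {
            if name_matches(name, patterns) && matches!(value, Expr::StrLit(_)) {
                out.push(Violation { rule_id: rid.clone(),
                    message: format!("credential `{name}` is a hardcoded literal") });
            }
        });
        out
    }) }
}

/// Dispatch: each profile instantiates the shared templates with its own ids/patterns.
pub fn rules_for_profile(profile: &str) -> Vec<Rule> {
    match profile {
        "PCI-DSS" => vec![
            sensitive_let("PCI-DSS-3.4", &["pan", "card_number", "cvv"]),
            hardcoded_credential("PCI-DSS-8.3", &["password", "api_key", "secret"]),
        ],
        "HIPAA" => vec![sensitive_let("HIPAA-PHI", &["patient", "diagnosis", "ssn"])],
        _ => Vec::new(),
    }
}

pub fn check(profile: &str, ast: &Expr) -> Vec<Violation> {
    rules_for_profile(profile).iter().flat_map(|r| r.run(ast)).collect()
}

/// Constructed sample: a hardcoded API key and an unclassified card number.
pub fn sample_program() -> Expr {
    Expr::Let { name: "api_key".into(), classified: false,
        value: Box::new(Expr::StrLit("placeholder-not-a-real-key".into())),
        body: Box::new(Expr::Let { name: "card_number".into(), classified: false,
            value: Box::new(Expr::Call { func: "read_input".into(), args: vec![] }),
            body: Box::new(Expr::Var("card_number".into())) }) }
}

fn main() {
    for v in check("PCI-DSS", &sample_program()) { println!("{}: {}", v.rule_id, v.message); }
}
```

Running the sample under the PCI-DSS profile reports one violation from each template; the same program passes HIPAA because none of its binding names match that profile's patterns, which is exactly the violation/pass pairing the PR's test layout relies on. Keeping the traversal in `for_each_let` and the matching in `name_matches` is what lets a new profile be added by listing ids and patterns rather than writing another AST walker.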
@ib823 ib823 merged commit 5c5ab19 into main Mar 17, 2026